3. The Institute of Risk Management (IRM)
IRM is the world’s leading enterprise-wide risk education institute.
Our mission is:
‘Leading the risk profession through delivery
of education and life long learning’
We do this through:
5. What we did….
• 6 month project involving 35 team members plus other commentators from
UK and overseas
• Consultation period on draft document during July 2012
• Around 80 sets of comments to be considered
• Generally favourable although we couldn’t do everything suggested!
• Document launch Monday 15 October 2012
• Other presentations taking place worldwide
7. What do we mean by Risk Culture?
Why is risk culture so important?
How does culture affect risk management?
What does a good risk culture look like?
What can the board do about risk culture?
How can you change a culture?
10. The culture of a group
• Arises from its repeated behaviours
• Behaviours are shaped by attitudes
• Both behaviour and culture are in turn influenced by the culture
11. So by risk culture we mean
• The values, beliefs, knowledge and understanding about risk shared by a
group of people with a common purpose, in particular the employees of an
organisation or of teams or groups within an organisation
12. Different types of organisation will have different
cultures
And there can also be different cultures in
different parts of the same organisation
13. IRM Risk Culture Framework
IRM’s risk culture framework
looks at component parts
making up an organisation’s
risk culture
17. Personal ethics
Moral DNA
Profiling
…only 55% of all respondents could say definitively that they would not engage
in insider trading if they could make $10m with no risk of getting arrested.”
Labaton Sucharow survey 2012
26. …..we surveyed IRM members to establish
which organisational culture types would best
support successful implementation of risk
management
…..organisations required both strong Solidarity
and Sociability for achieving good quality risk
management results
27. …..our survey established that the right kind of
risk culture can actively help with risk
management and that the wrong type of culture,
far from being neutral, actually makes it more
difficult to manage risk
28. …..going back to our model of organisational
culture, we refined it further to focus on types of
risk culture
29. …..so how can we build solidarity and sociability
in respect of risk management?
30. …..we identified eight aspects of the risk culture
of an organisation that could usefully be
addressed
35. 10 indicators of a successful risk culture
• Distinct and consistent tone from the top
• Commitment to ethical principles
• Common acceptance of the importance of continuous management of risk
• Transparent and timely risk information flowing up and down
• Encouragement of risk event reporting and whistle blowing, actively seeking to learn
• No process or activity too large or too complex or too obscure
• Appropriate risk taking behaviours rewarded and encouraged and inappropriate behaviours
challenged and sanctioned
• Risk management skills and knowledge valued, encouraged and developed,
• Sufficient diversity of perspectives, values and beliefs to ensure that the status quo is
consistently and rigorously challenged
• Alignment with employee engagement and people strategy
37. Sample from ’10 questions for the Board’
• Are we providing consistent, coherent, sustained and visible leadership in terms of how we
expect our people to behave and respond when dealing with risk?
• How do we establish sufficiently clear accountabilities for those managing risks and hold
them to their accountabilities?
• Can people talk openly without fear of consequences or being ignored?
• How do we acknowledge and live our stated corporate values when addressing and
resolving risk dilemmas?
• How do the organisation’s structure, processes and reward systems support or detract from
the development of our desired risk culture?
• Do we have sufficient organisational humility to look at ourselves from the perspective of
stakeholders and not just assume we’re getting it right?
• How do we satisfy ourselves that new joiners will quickly absorb our desired cultural values?
• How do we support learning and development associated with raising awareness and
competence in managing risk at all levels?
• What training have we as a board had in risk?